Vous êtes sur la page 1sur 21

safeguardglobal.

com

Table of Contents
Introducing the SafeGuard Global Secure File Transfer Service (SFTP) ....................................2
The purpose of an SFTP service: .............................................................................................3
How to create a Public and Private Key pair using PuTTYgen (an RSA and DSA key
generation utility) ..................................................................................................................4
A User Guide to setting up SFTP access using the FileZilla client program............................….9
An operational guide on how to use Filezilla to transfer information to your SGWI payroll
contact .................................................................................................................................13
Frequently Asked Questions .................................................................................................16
Appendix A ...........................................................................................................................18
Appendix B ...........................................................................................................................19

September 2018 Page 1 of 21


Introducing the SafeGuard Global Secure File Transfer Service (SFTP)

This document is intended to provide a general overview of the SFTP service


provided by SGWI. As well as background information for non- technical users,
the guide also explains what steps your organisation needs to carry out to
enable access to the service.

In addition, this document provides detailed instruction on how to configure


FileZilla software to act as a suitable secure FTP client to connect to the service.
Please note; there are a range of commercially available SFTP client programs
aside from FileZilla that your organisation may already employ.
Notwithstanding that, the principles of configuring the client to connect still
remain.

Finally, this document provides details on how you should use the service once
successfully configured along with some FAQ’s.

IMPORTANT: elements of successfully completing this work WILL require


administrative work to be carried by your IT staff and as such, it is
recommended you make this document available accordingly.

September 2018 Page 2 of 21


The purpose of an SFTP service:

Having an SFTP platform allows sensitive information to be transferred securely


over public networks such as the Internet. The security inherent with this is
provided through the adoption of matching private and public encryption key
pairs which are unique to the transfer process.

Before access to the service can be granted, your organisation will need to issue
SGWI with the public key generated by your company for upload it into our
SFTP platform. Once uploaded, security is ensured by checking that the key
presented by your staff when they connect to our platform (this will be your
private key of the pair) matches the copy of the public key we hold. Without
this match any connection will be refused.

In addition to providing SGWI with the PUBLIC key, you will also need to provide
details of how you would like your own unique folder structure to appear on
our SFTP platform. Further guidance on this is included in Appendix B of this
document.

September 2018 Page 3 of 21


How to create a Public and Private Key pair using PuTTYgen (an RSA and DSA
key generation utility).

The following section provides guidance on how to generate a unique key pair
using freely available software. Use of this particular software is not
rescriptive but is included more as a source of background information. Your
IT team should carry out this task and will provide you with the necessary
keys for you to connect to our SFTP platform.

1. Download PuTTygen (puttygen.exe) as per the link below and run the
program.

https://the.earth.li/~sgtatham/putty/latest/w32/puttygen.exe

2. Once downloaded, run the PuTTY Key Generator program which will open
as per the screen shot below.

Select DSA and change the number of bits to 2048


Next click the generate button.

September 2018 Page 4 of 21


3. To generate a random key, move your mouse as instructed.

4. Next the key will begin to be generated and you will be asked to wait while
this process completes.

September 2018 Page 5 of 21


5. Once the key is generated click the button marked ‘Save Public Key’

When prompted to enter a filename, please use the following naming


convention: “yourcompanynamepubkey” (ie: if your company is called
ABC123, the filename would be ABC123pubkey).

6. Click Save to continue.

September 2018 Page 6 of 21


Note: if you require multiple public keys as described in Appendix B, please
name your keys in a meaningful manner such that reflect your differing team
names.

Failure to do this before issuing us the keys will mean the keys will have to be
recreated / renamed.

7. Next, save the PRIVATE key by clicking the button labeled ‘Save Private
Key’.

September 2018 Page 7 of 21


8. Select ‘Yes’ when prompted if you want to save the key without a
passphrase prompt.

9. Save the filename as “yourcompanynameprivkey” Click Save to continue.


(ie: if your company is called ABC123, the filename would be ABC123privkey).
It is envisaged that the distribution of your private key generated by this
process will be managed by your own IT staff.

As with the public keys, if you wish to assign different keys to different
internal teams as per Appendix B you will need to name the various private
keys in the same format as the previous public key naming convention.

10. Please pass the PUBLIC key(s) to the SGWI contact as per the SGWI
contact listed in Appendix B. Once the service has been configured for your
access, your SGWI contact will issue you with the necessary unique
username(s) to gain access.

Further instructions on how to configure access as well as how to use a typical


SFTP client are included below for completeness.

September 2018 Page 8 of 21


A User Guide to setting up SFTP access using the FileZilla client program

This document is intended as a guide to installing and configuring FileZilla (an


open source FTP client that supports SFTP) to connect to the SGWI SFTP
service.

As mentioned previously, there are a range of commercially available SFTP


client programs aside from FileZilla that your organisation may already
employ.

Notwithstanding that, the principles of configuring the client to connect


correctly still remain.

Please note: Please seek guidance from your own IT Department as to where
your private keys are located; typically these will be in a secure location
managed by them.

In addition, your local network firewall administrator may need to allow


outbound access to this service. As such we recommend you pass them the
details from appendix A.

• Download and install the FileZilla client software. Note: to install this
software will require that you have administrative rights to your PC. It is
recommended that you confirm with your own IT staff if this is allowed.

http://filezilla-project.org/download.php?type=client

• Run the FileZilla program

September 2018 Page 9 of 21


• Within the FileZilla browser select ‘Edit’ – ‘Settings’.

• Within Select page, expand ‘Connection’ – ‘FTP’ – ‘SFTP’ and click Add
Keyfile.

• Locate the previously created PRIVATE key and select ‘Open’. The location
where the private key is located

September 2018 Page 10 of 21


• The private key should now be loaded into the private key cache. Click OK to
return to the main program.

• Next within FileZilla select ‘File’ – ‘Site Manager’

• Within Site Manager, select the button to create a new site. It would make
sense to give the site a name of SGWI.

Once the site has been created populate the General tab with the following
settings: -

Host: file.safeguardworld.com
Port: Leave blank
Server type: SFTP –SSH File Transfer Protocol
Logon type: Interactive
User: The user name issued you by SGWI (Note: This is case sensitive)

September 2018 Page 11 of 21


• Once complete click connect. During the connection process your Private key
is matched against the public key that is hosted on the SGWI servers. Once
logged in you will see two directories called Inbound and Outbound.

\ Inbound = Files sent from Customer to SGWI

\ Outbound = Files sent from SGWI to Customer

In terms of the principles of using the SFTP service once operational, please see
the guide below. Again, this is based on the FileZilla program, but the principles
remain valid for any other SFTP client program you may be using.

September 2018 Page 12 of 21


An operational guide on how to use Filezilla to transfer information to your
SGWI payroll contact

After starting FileZilla you will presented with the interface screen which is laid
out by way of the folder and files of your machine on the left hand side and
those of the remote machine (our SFTP server) on the right hand side. You can
navigate through the folder structure in the same way as Windows Explorer.

To establish a secure connection to the SFTP platform, click on File – Site


Manager. This should present you with a drop down list of the connections
setup on your machine.

Select the one labeled SGWI (Note: your IT team may have given this a different
name) to establish the connection. You will notice lines of text scrolling through
the upper screen that should finish with a final status reporting ‘Connected to
file.safeguardworld.com’

If the connection fails, please attempt to reconnect. If the connection continues


to fail, please discuss any errors reported on your screen with your own IT staff
for help in resolving matters.

September 2018 Page 13 of 21


Once the connection is successfully established you will see the folders on our
SFTP server that have been made available to yourself to transfer via.

Depending on your company’s individual requirements you may see a number


of different countries or regions listed. Under each of these folders you will find
both an INBOUND and an OUTBOUND folder.

Please use the INBOUND folder to SEND information to SGWI.

Please use the OUTBOUND folder to RECEIVE information from SGWI.

You can upload or download a file by double-clicking on it. It will be added to


the transfer queue and the transfer starts automatically. To transfer directories
and/or multiple files, select them and right-click the selection. Then you can
click on Upload / Download in the popup menu. Find your file(s) for SGWI in the
local site ready for transfer to the remote site.

For completeness, the screenshots below show some general FileZilla windows
to illustrate how a session may look. These DO NOT reflect your folders and
files.

September 2018 Page 14 of 21


You can also drag the files from one side (i.e. your local site) and drop them on
the other side the remote site for SGWI. To add files to the queue so that they
will be transferred later, select them and click Add to Queue from the popup
menu. You may also drag the files directly into the queue.

Finally, you can click on a file, then drag the file (a box is added to the arrow
cursor) to the directory where you want to move it. The directory will be
highlighted when you are over it. Let go of the mouse button and the file will be
moved to the directory.

September 2018 Page 15 of 21


Frequently Asked Questions

What should I do to notify SGWI that I have uploaded files to you?

Please email your nominated contact that you have completed this.
Depending on at what stage in the onboarding cycle you are, this will either
be your initial contact within our Implementation team or your regular
contact within the Operations team.

How will I know when files are available for me to download?

You will be emailed details of the file name(s) and locations after we have
made them available for download.

What do I do with the files on SFTP once I have downloaded them?

To avoid confusion, we would recommend you delete all files from our SFTP
server once you have successfully downloaded them. By default, our system
will automatically clear out ALL files remaining on the system that are older
than 5 days.

Can I accidently delete either the Inbound or Outbound folders?

You do not have the ability to create, rename or delete folders.

What happens if I haven’t downloaded a file before it is deleted?

Please notify your nominated contact and we will upload the file for you.

September 2018 Page 16 of 21


Symptoms of a corrupt file

There may be an instance where a file has corrupted during the transfer
process. This would typically result in a file not opening at all or a file size
being significantly reduced from what it typically should be. If you do
experience this, notify your nominated contact within SGWI and we will
investigate matters further.

Who should I contact if I have a problem?

Please get in touch with your nominated contact within SGWI you will answer
your query directly.

I’m trying to connect but get prompted for a password that I have not received,
what should I do?

As the connection is configured to use key pairs rather than passwords, it is


most likely that you have setup your SFTP client incorrectly or your PC is
unable to locate the key(s) it is trying to authenticate with.

Please ensure that your connection is configured as an ‘Interactive’


connection and that the correct PRIVATE key(s) are loaded.

We would suggest that if the problem persists you contact your IT


Department directly.

September 2018 Page 17 of 21


Appendix A

Outbound firewall settings required to allow FileZilla to connect to the SGWI


SFTP service.

Destination: file.safeguardworld.com (188.65.36.115)

Protocol: TCP/SSH

Port: 22

September 2018 Page 18 of 21


Appendix B

The following information is required to allow the SGWI IT Dept to setup your
initial SFTP structure. Your nominated contact within SGWI will discuss with you
directly about completing the information to suit your own particular needs in
terms of:

1. Your requirements for the SFTP folder structure

2. Your requirements for any security partitioning against the above


folder structure in terms of options to enable you to control which of
your own staff can access what folders.

Below are examples to consider in terms of both folder structure and security
partitioning:

o SFTP Folder structure

Typically, this will configured by country with and inbound and outbound
folder beneath each.

September 2018 Page 19 of 21


o Folder Access Permissions

Depending on your own circumstances, you may simply require a single user
account and associated public / private key pair that all your users’ use. This is
illustrated in the example below where all users within the client team have full
access to all country folders

Account called ABC Ltd configured


by SGWI to have full access to ALL
country folders.
ABCLtdPublicKey assigned to the top
level ABC Ltd folder

Alternatively, if you require an extra level of control internally, access to


the country level folders can be restricted to teams within your organisation. If
this is the case, we would typically setup team accounts against specific country

folders as requested. Each team would need to be allocated its own key pair as
part of this configuration.

i.e.: in the example below, you would need to generate 3 key pairs and issue us
with the 3 public keys listed below. You yourself would need to issue the correct
corresponding private key to your own people accordingly.

XYZLtdPublicKey
XYZLtdEUROPEPublicKey
XYZLtdLATAMPublickKey

September 2018 Page 20 of 21


Account called XYZ Ltd configured by
SGWI to have full access to ALL
country folders.

XYZLtdPublicKey assigned to the


Client Name folder level

Account called XYZ Ltd Europe configured by


SGWI to have full access to the France,
Germany, Spain, Turkey folders ONLY.

XYZLtdEUROPEPublicKey assigned to the


Europe folder level

Account called XYZ Ltd LATAM configured by


SGWI to have full access to the Argentina,
Brazil, & Mexico folders ONLY.

XYZLtdLATAMPublicKey assigned to the LATAM


folder level.

September 2018 Page 21 of 21

Vous aimerez peut-être aussi